Hugo Salgado from Chile managed to come up with a plausible solution: the spike is due to both DLV and the root trust anchor being used concurrently. I consulted NLnet Labs to confirm this theory and they answered the following: “DLV lookups are done using recursion. So if a TLD is in DLV (and has […]

One of the things we discovered while we were rolling out our deployment is that it is very important to monitor the availability of signed zones (see also this post by Migiel de Vos on monitoring). We have deployed default monitoring based on Nagios, with checks that verify if all signer components are running. One […]

We’ve put the champagne on ice and the cake has been ordered… Since yesterday afternoon 13:00h CET surfnet.nl is signed! All we have to wait for now is the ability to get a DS record in the .nl zone, which will hopefully happen later this month. This means that our DNSSEC system is now in full […]